What is claimed is: 

1 . A method for authenticating a user's access to a client machine, 
comprising: 

communicating a request for access from the user machine to the client machine; 

establishing a login account with login information at the client machine in 
response to the request; 

encrypting the login information at the client machine and communicating the 
encrypted login information to the user machine; 

communicating the encrypted login information and authentication information 
associated with the user from the user machine to an authentication server; and 

decrypting the encrypted login information at the authentication server and 
communicating the decrypted login information to the user machine if the authentication 
information is acceptable to the authentication server. 

2. The method of claim 1 , further comprising: 

communicating an identifier associated with the user from the user machine to the 
client machine; 

encrypting the identifier at the client machine and communicating the encrypted 
identifier to the user machine; 

communicating the encrypted identifier from the user machine to the 
authentication server; and 

decrypting the encrypted identifier at the authentication server; 

wherein the decrypted login information is communicated to the user machine if 
the decrypted identifier is acceptable to the authentication server. 
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3 . The method of claim 1 , further comprising: 

encrypting an identifier associated with the client machine at the client machine 
and communicating the encrypted identifier to the user machine; 

communicating the encrypted identifier from the user machine to the 
authentication server; and 

decrypting the encrypted identifier at the authentication server; 

wherein the decrypted login information is communicated to the user machine if 
the decrypted identifier is acceptable to the authentication server. 

4. The method of claim 1 , further comprising: 

communicating the login information from the user machine to the client machine 
to enable the user machine to access the client machine. 



5 . The method of claim 1 , wherein: 

the login information comprises at least one of a name and password. 



6. The method of claim 1 , wherein: 

the login information is encrypted at the client machine using a public key of a 
public key-private key pair; and 

the encrypted login information is decrypted at the authentication server using the 
private key of the public key-private key pair. 

7. The method of claim 1 , wherein: 

the authentication information comprises an identifier associated with the user. 



8. The method of claim 1 , wherein: 

the encrypted login information is inaccessible to the user machine. 
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9. The method of claim 1 , wherein: 

the request for access is communicated from the user machine to the client 
machine, and the encrypted login information is communicated from the client machine 
to the user machine via a Secure Sockets Layer connection. 

1 0. A system for authenticating a user's access to a client machine, 
comprising: 

means for communicating a request for access from the user machine to the client 
machine; 

means for establishing a login account with login information at the client 
machine in response to the request; 

means for encrypting the login information at the client machine and 
communicating the encrypted login information to the user machine; 

means for communicating the encrypted login information and authentication 
information associated with the user from the user machine to an authentication server; 
and 

means for decrypting the encrypted login information at the authentication server 
and communicating the decrypted login information to the user machine if the 
authentication information is acceptable to the authentication server. 

11. A program storage device, tangibly embodying a program of instructions 
executable by a machine to perform a method for authenticating a user's access to a client 
machine, the method comprising: 

communicating a request for access from the user machine to the client machine; 
establishing a login account with login information at the client machine in 
response to the request; 
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encrypting the login information at the client machine and communicating the 
encrypted login information to the user machine; 

communicating the encrypted login information and authentication information 
associated with the user from the user machine to an authentication server; and 

decrypting the encrypted login information at the authentication server and 
communicating the decrypted login information to the user machine if the authentication 
information is acceptable to the authentication server. 

12. A method for use at a user machine in authenticating a user's access to a 
client machine, comprising: 

communicating a request for access from the user machine to the client machine; 

receiving encrypted login information from the client machine that was generated 
in response to the request for access; 

communicating the encrypted login information and authentication information 
associated with the user from the user machine to an authentication server; and 

receiving decrypted login information from the authentication server that was 
derived by decrypting the encrypted login information when the authentication 
information is acceptable to the authentication server. 

1 3 . The method of claim 1 2, further comprising: 

communicating an identifier associated with the user from the user machine to the 
client machine; 

wherein the client machine encrypts the identifier and communicates the 
encrypted identifier to the user machine; and 

communicating the encrypted identifier from the user machine to the 
authentication server; 
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wherein the authentication server decrypts the encrypted identifier and 
communicates the decrypted login information to the user machine if the decrypted 
identifier is acceptable to the authentication server. 

14. The method of claim 12, wherein the client machine encrypts an 
associated identifier and communicates the encrypted identifier to the user machine, the 
method further comprising; 

communicating the encrypted identifier from the user machine to the 
authentication server; 

wherein the authentication server decrypts the encrypted identifier and 
communicates the decrypted login information to the user machine if the decrypted 
identifier is acceptable to the authentication server. 

15. The method of claim 1 2, further comprising: 

communicating the login information from the user machine to the client machine 
to enable the user machine to access the client machine. 

16. The method of claim 12, wherein: 

the login information comprises at least one of a name and password. 

17. The method of claim 12, wherein: 

the login information is encrypted at the client machine using a public key of a 
public key-private key pair; and 

the encrypted login information is decrypted at the authentication server using the 
private key of the public key-private key pair. 
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18. The method of claim 12, wherein: 

the authentication information comprises an identifier associated with the user. 

1 9. The method of claim 1 2, wherein: 

the encrypted login information is inaccessible to the user machine. 

20. A program storage device, tangibly embodying a program of instructions 
executable by a user machine to perform a method for authenticating a user's access to a 
client machine, the method comprising: 

communicating a request for access from the user machine to the client machine; 

receiving encrypted login information from the client machine that was generated 
in response to the request for access; 

communicating the encrypted login information and authentication information 
associated with the user from the user machine to an authentication server; and 

receiving decrypted login information from the authentication server that was 
derived by decrypting the encrypted login information when the authentication 
information is acceptable to the authentication server. 

21 . A user machine for use in accessing a client machine, comprising: 
means for communicating a request for access from the user machine to the client 

machine; 

means for receiving encrypted login information from the client machine that was 
generated in response to the request for access; 

means for communicating the encrypted login information and authentication 
information associated with the user from the user machine to an authentication server; 
and 
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means for receiving decrypted login information from the authentication server 
that was derived by decrypting the encrypted login information when the authentication 
information is acceptable to the authentication server. 

22. The user machine of claim 2 1 , further comprising: 

means for communicating an identifier associated with the user from the user 
machine to the client machine; 

wherein the client machine encrypts the identifier and communicates the 
encrypted identifier to the user machine; and 

means for communicating the encrypted identifier from the user machine to the 
authentication server; 

wherein the authentication server decrypts the encrypted identifier and 
communicates the decrypted login information to the user machine if the decrypted 
identifier is acceptable to the authentication server. 

23 . The user machine of claim 2 1 , wherein the client machine encrypts an 
associated identifier and communicates the encrypted identifier to the user machine, the 
user machine further comprising; 

means for communicating the encrypted identifier from the user machine to the 
authentication server; 

wherein the authentication server decrypts the encrypted identifier and 
communicates the decrypted login information to the user machine if the decrypted 
identifier is acceptable to the authentication server. 

24. The user machine of claim 2 1 , further comprising: 

means for communicating the login information from the user machine to the 
client machine to enable the user machine to access the client machine. 
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25. The user machine of claim 2 1 , wherein: 

the login information comprises at least one of a name and password. 

26. The user machine of claim 2 1 , wherein: 

the login information is encrypted at the client machine using a public key of a 
public key-private key pair; and 

the encrypted login information is decrypted at the authentication server using the 
private key of the public key-private key pair. 

27. The user machine of claim 2 1 , wherein: 

the authentication information comprises an identifier associated with the user. 

28. A method for use at a client machine for authenticating a user's access to 
the client machine, comprising: 

receiving a request for access from the user machine at the client machine; 

establishing a login account with login information at the client machine in 
response to the request; 

encrypting the login information at the client machine and communicating the 
encrypted login information to the user machine; 

wherein the user machine communicates the encrypted login information and 
authentication information associated with the user from the user machine to an 
authentication server, and the authentication server decrypts the encrypted login 
information and communicates the decrypted login information to the user machine if the 
authentication information is acceptable to the authentication server; and 

receiving the login information from the user machine at the client machine to 
enable the user machine to access the client machine. 
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29. A program storage device, tangibly embodying a program of instructions 
executable by a client machine to perform a method for use at the client machine in 
authenticating a user's access to the client machine, the method comprising: 

receiving a request for access from the user machine at the client machine; 

establishing a login account with login information at the client machine in 
response to the request; 

encrypting the login information at the client machine and communicating the 
encrypted login information to the user machine; 

wherein the user machine communicates the encrypted login information and 
authentication information associated with the user from the user machine to an 
authentication server, and the authentication server decrypts the encrypted login 
information and communicates the decrypted login information to the user machine if the 
authentication information is acceptable to the authentication server; and 

receiving the login information from the user machine at the client machine to 
enable the user machine to access the client machine. 

30. A client machine in which a user's access to the client machine is 
authenticated, comprising: 

means for receiving a request for access from the user machine at the client 
machine; 

means for establishing a login account with login information at the client 
machine in response to the request; 

means for encrypting the login information at the client machine and 
communicating the encrypted login information to the user machine; 

wherein the user machine communicates the encrypted login information and 
authentication information associated with the user from the user machine to an 
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authentication server, and the authentication server decrypts the encrypted login 
information and communicates the decrypted login information to the user machine if the 
authentication information is acceptable to the authentication server; and 

means for receiving the login information from the user machine at the client 
machine to enable the user machine to access the client machine. 
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